Government websites in the US and the United Kingdom were used to secretly mine cryptocurrency.
The hijacking script uses Coinhive, a popular mining script that is not itself meant to be malicious, at least according to its creators, but has gained a reputation for being used in these types of attacks, often referred to as cryptojacking.
"Someone just messaged me to say their local government website in Australia is using the software as well". The program, made by the British software company Texthelp, is a tool that reads and translates website content for visitors with dyslexia or who are foreign-language speakers.
There are no indications so far of any data being compromised on any of the websites that were infected.
Hackers trying to mine the digital currency Monero exploited thousands of websites, including those for educational institutions in the US and elsewhere. It will remain out of action until midday on Tuesday - although Texthelp claimed that "the security breach has already been addressed".
Software that mines cryptocurrency isn't illegal in its own right, but malware that installs such software without the consent of website owners is fraudulent.
A spokesperson for the National Cyber Security Centre (NCSC) said: "NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency". "In this case, it turned out that Texthelp, an assistive technology provider, had been compromised and one of their hosted script files changed".
Texthelp, the company that provides Browsealoud, has confirmed that the compromised plugin has been taken offline. The company has examined the affected file thoroughly and can confirm that no customer data has been accessed or lost.
According to Helme, webmasters should try a technique called SRI (subresource integrity), which uses a fingerprinting approach to block altered code from being pulled into webpages, nipping any potential attacks in the bud.
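The SRI check Helme describes, sketched as an added example that is not from the original article or from Texthelp: it computes the integrity value a site owner would pin for a hosted script and mimics how a browser refuses a copy that has since changed. The URL and both script bodies are constructed placeholders.

```javascript
const crypto = require("crypto");

// Hash algorithms SRI accepts, weakest to strongest.
const ALGS = ["sha256", "sha384", "sha512"];

// Constructed sample data: the script as reviewed, and a later altered copy.
const URL = "https://cdn.example.invalid/reader.js"; // placeholder URL
const ORIGINAL = "function speak(text) { /* read page aloud */ }\n";
const TAMPERED = "// unexpected extra code\n" + ORIGINAL;

// Integrity value for a script body, e.g. "sha384-<base64 digest>".
function sriHash(body, alg = "sha384") {
  return `${alg}-${crypto.createHash(alg).update(body).digest("base64")}`;
}

// Tag the site owner publishes. crossorigin is needed so the browser can
// read, and therefore hash, a script served from another origin.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" ` +
         `crossorigin="anonymous"></script>`;
}

// Mimic the browser-side check: ignore unknown algorithms, keep only the
// strongest one listed, and accept the body if any hash of that strength matches.
function sriAllows(integrity, fetchedBody) {
  const entries = integrity.trim().split(/\s+/)
    .map((token) => token.split("?")[0]) // drop optional "?options"
    .map((token) => {
      const dash = token.indexOf("-");
      return { alg: token.slice(0, dash), b64: token.slice(dash + 1) };
    })
    .filter((e) => ALGS.includes(e.alg));
  if (entries.length === 0) return true; // nothing usable: no enforcement
  const rank = Math.max(...entries.map((e) => ALGS.indexOf(e.alg)));
  const alg = ALGS[rank];
  const actual = crypto.createHash(alg).update(fetchedBody).digest("base64");
  return entries.some((e) => e.alg === alg && e.b64 === actual);
}

const pinned = sriHash(ORIGINAL);
console.log(scriptTag(URL, ORIGINAL));
console.log("original loads:", sriAllows(pinned, ORIGINAL));
console.log("altered copy loads:", sriAllows(pinned, TAMPERED));
```

The pinned hash has to be regenerated whenever the provider ships a legitimate update, otherwise the browser blocks the new version as well.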